java二次开发源码下载-identity-agent-sso:身份代理sso

# DEPRECATION NOTICE This repository is deprecated and all the work has been moved to the following repositories. - https://github.com/asgardio/asgardio-java-saml-sdk. - https://github.com/asgardio/asgardio-tomcat-saml-agent. - https://github.com/asgardio/asgardio-java-oidc-sdk. - https://github.com/asgardio/asgardio-tomcat-oidc-agent. # WSO2 SAML SDK for Java The WSO2 SAML SDK for Java enables software developers to integrate SAML based SSO authentication with Java Web applications. The SDK is built on top of the OpenSAML library which allows Java developers to develop cross-domain single sign-on and federated access control solutions with minimum hassle. ## Table of Contents - [Trying out the sample](#trying-out-the-sample) * [Prerequisites](#prerequisites) * [Running the SampleApp](#running-the-sampleapp) - [How it works](#how-it-works) - [Integrating SAML into your Java application](#integrating-saml-into-your-java-application) * [Getting Started](#getting-started) * [Configuring the web app](#configuring-the-web-app) * [Retrieving User Attributes](#retrieving-user-attributes) - [Installing the SDK](#installing-the-sdk) * [Github](#github) * [Building from the source](#building-from-the-source) * [Maven](#maven) - [Contributing](#contributing) * [Reporting Issues](#reporting-issues) - [Versioning](#versioning) - [Authors](#authors) - [License](#license) ## Trying out the sample ### Prerequisites 1. WSO2 Identity Server and it's [prerequisites](https://is.docs.wso2.com/en/next/setup/installing-the-product/). 2. We assume you are going to use [Maven](https://maven.apache.org/guides/getting-started/) to handle enterprise level Java projects development. Hence, we will be using [Maven](https://maven.apache.org/guides/getting-started/) for demonstration. A sample app for demonstrating SAML based SSO authentication, SLO and attribute retrieval is hosted at: https://github.com/wso2-extensions/identity-agent-sso/tree/master/resources/SampleApp You can download the pre-built SampleApp.war from https://github.com/wso2-extensions/identity-agent-sso/releases/latest ### Running the SampleApp In order to check SSO using SAML2, please follow these steps 1. Start the WSO2 IS. 2. Access WSO2 IS management console and create a service provider (ex:- sampleApp) For the service provider, configure SAML2 Web SSO under Inbound Authentication Configuration. In this configuration, use following parameters and options, Issuer - SampleApp Assertion Consumer URLs - http://localhost:8080/SampleApp/home.jsp Enable Attribute Profile - True Include Attributes in the Response Always - True Keep other default settings as it is and save the configuration. Next, expand the [Claim Configuration](https://is.docs.wso2.com/en/latest/learn/configuring-claims-for-a-service-provider/#configuring-claims-for-a-service-provider) section. In this configuration, Set the following config and add the claims you need to retrieve (ex: http://wso2.org/claims/lastname) from the web app. Select Claim mapping Dialect - Use Local Claim Dialect See the example claim config below.  3. Deploy the application, `SampleApp.war` using Apache Tomcat. 4. Try out the application by accessing the `http://localhost:8080/SampleApp/index.html`. By default, the application runs on url `http://localhost:8080/SampleApp/`  **NOTE:** Some browsers do not support cookie creation for naked host names (ex:- localhost). SSO functionality require cookies in the browser. In that case, use `localhost.com` host name for the sample application. You will require to edit the SampleApp .properties file in <TOMCAT_HOME>/webapps/SampleApp/WEB-INF/classes directory and set the following: `SAML2.AssertionConsumerURL=http://localhost.com:8080/SampleApp/home.jsp` and update the Assertion Consumer URLs in the Identity Server Service Provider configurations accordingly. You will also require to add this entry to `hosts` file. For windows this file locations is at `<Windows-Installation-Drive>\Windows\System32\drivers\etc \hosts`. For Linux/Mac OS, this file location is at `/etc/hosts`. ## How it works In the SampleApp sample, we have two pages. A landing page (index.html) which we have not secured, and a secondary page (home.jsp) which we have secured. In the SampleApp.properties file in the `identity-agent-sso/resources/SampleApp/src/main/resources` directory, we have set the /SampleApp/index.html as the index page via the following property: IndexPage=/SampleApp/index.html Hence, the sso agent regards the index.html page as the landing page and would be added to the skipURIs. Then, the index page would be regarded as a page that is not secured. When a SLO sequence is initiated, the sso agent would redirect the user to this exact page which is configured via the `IndexPage` property. In the **index.html** page of the SampleApp, we have added the action for the login button to trigger a SAML authentication: `<form method="post" action="samlsso?SAML2.HTTPBinding=HTTP-POST">` This would engage the SAML2SSOAgentFilter which is specified in the **web.xml** file in the `identity-agent-sso /resources/SampleApp/src/main/webapp/WEB-INF` directory, and redirect the user to the IdP authentication page. Upon successful authentication, the user would be redirected to the **home.jsp** page. In the **home.jsp** file, we have added the following to trigger a SLO flow: ``<a href="logout?SAML2.HTTPBinding=HTTP-POST">Logout</a>`` Clicking on the logout link would trigger the SLO flow engaging the same filter mentioned above. The user would be redirected to the page configured via the `IndexPage` property previously discussed. ## Integrating SAML into your Java application ### Getting Started These instructions will guide you on integrating SAML into your Java application with the WSO2 SAML SDK. This allows the developers to turn a Java application into a SP (Service Provider) that can be connected to an IdP (Identity Provider) which can support the following main features among many others. - Single Sign-On (SSO) and Single Log-Out (SLO) (SP-Initiated and IdP-Initiated). - Assertion and nameID encryption. - Assertion signatures. - Message signatures: AuthNRequest, LogoutRequest, LogoutResponses. - Enable an Assertion Consumer Service endpoint. - Enable a Single Logout Service endpoint. - Publish the SP metadata. A sample application boilerplate is included in https://github.com/wso2-extensions/identity-agent-sso/tree/master/resources/SampleApp-boilerplate which we would use for the following section. The structure of the web app boilerplate would be as follows: []() ### Configuring the web app 1. Starting with the pom.xml, the following dependencies should be added for the webApp to be using the SAML SDK. Install it as a maven dependency: ``` <dependency> <groupId>org.wso2.carbon.identity.agent.sso.java</groupId> <artifactId>org.wso2.carbon.identity.sso.tomcat.server</artifactId> <version>5.5.5</version> </dependency> ``` The SDK is hosted at the WSO2 Internal Repository. Point to the repository as follows: ``` <repositories> <repository> <id>wso2.releases</id> <name>WSO2 internal Repository</name> <url>http://maven.wso2.org/nexus/content/repositories/releases/</url> <releases> <enabled>true</enabled> <updatePolicy>daily</updatePolicy> <checksumPolicy>ignore</checksumPolicy> </releases> </repository> </repositories> ``` 2. Next, the webapp itself has two pages, index.html and home.jsp, and a web.xml file. The index.html contain